Merge remote-tracking branch 'ni/master'
This commit is contained in:
commit
8014aa6594
@ -78,7 +78,9 @@ with import <stockholm/lib>;
|
||||
extraZones = {
|
||||
# TODO generate krebsco.de zone from nets and don't use extraZones at all
|
||||
"krebsco.de" = ''
|
||||
krebsco.de. 60 IN MX 5 mx23
|
||||
cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
|
||||
mx23 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = {
|
||||
@ -213,7 +215,6 @@ with import <stockholm/lib>;
|
||||
ni = {
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
krebsco.de. 60 IN MX 5 ni
|
||||
ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
||||
cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
||||
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
||||
@ -351,11 +352,17 @@ with import <stockholm/lib>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
|
||||
};
|
||||
xu = {
|
||||
binary-cache = {
|
||||
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
|
||||
};
|
||||
cores = 4;
|
||||
nets = {
|
||||
gg23 = {
|
||||
ip4.addr = "10.23.1.38";
|
||||
aliases = ["xu.gg23"];
|
||||
aliases = [
|
||||
"cache.xu.gg23"
|
||||
"xu.gg23"
|
||||
];
|
||||
ssh.port = 11423;
|
||||
};
|
||||
retiolum = {
|
||||
|
@ -37,7 +37,17 @@ rec {
|
||||
};
|
||||
};
|
||||
|
||||
writeBash = makeScriptWriter "${pkgs.bash}/bin/bash";
|
||||
writeBash = name: text:
|
||||
assert (with types; either absolute-pathname filename).check name;
|
||||
pkgs.writeOut (baseNameOf name) {
|
||||
${optionalString (types.absolute-pathname.check name) name} = {
|
||||
check = pkgs.writeDash "shellcheck.sh" ''
|
||||
${pkgs.haskellPackages.ShellCheck}/bin/shellcheck "$1" || :
|
||||
'';
|
||||
executable = true;
|
||||
text = "#! ${pkgs.bash}/bin/bash\n${text}";
|
||||
};
|
||||
};
|
||||
|
||||
writeBashBin = name:
|
||||
assert types.filename.check name;
|
||||
@ -91,6 +101,7 @@ rec {
|
||||
|
||||
writers.text =
|
||||
{ path
|
||||
, check ? null
|
||||
, executable ? false
|
||||
, mode ? if executable then "0755" else "0644"
|
||||
, text
|
||||
@ -102,6 +113,9 @@ rec {
|
||||
var = "file_${hashString "sha1" path}";
|
||||
val = text;
|
||||
install = /* sh */ ''
|
||||
${optionalString (check != null) /* sh */ ''
|
||||
${check} ''$${var}Path
|
||||
''}
|
||||
${pkgs.coreutils}/bin/install -m ${mode} -D ''$${var}Path $out${path}
|
||||
'';
|
||||
};
|
||||
|
@ -19,6 +19,7 @@ stdenv.mkDerivation {
|
||||
git
|
||||
gnugrep
|
||||
gnused
|
||||
nettools
|
||||
openssh
|
||||
socat
|
||||
]);
|
||||
|
@ -1,11 +1,11 @@
|
||||
{ mkDerivation, base, fetchgit, stdenv }:
|
||||
mkDerivation {
|
||||
mkDerivation rec {
|
||||
pname = "blessings";
|
||||
version = "1.0.0";
|
||||
version = "1.1.0";
|
||||
src = fetchgit {
|
||||
url = http://cgit.ni.krebsco.de/blessings;
|
||||
rev = "25a510dcb38ea9158e9969d56eb66cb1b860ab5f";
|
||||
sha256 = "0xg329h1y68ndg4w3m1jp38pkg3gqg7r19q70gqqj4mswb6qcrqc";
|
||||
rev = "refs/tags/v${version}";
|
||||
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
|
||||
};
|
||||
libraryHaskellDepends = [ base ];
|
||||
doHaddock = false;
|
||||
|
@ -2,6 +2,6 @@
|
||||
|
||||
fetchgit {
|
||||
url = https://github.com/krebscode/painload;
|
||||
rev = "8df031f810a2776d8c43b03a9793cb49398bd33b";
|
||||
sha256 = "03md5k6fmz0j1ny22iw96dzq7cvijbz24ii85i0h2dhcychdp650";
|
||||
rev = "c113487f73713a03b1a139b22bb34b86234d0495";
|
||||
sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6";
|
||||
}
|
||||
|
@ -15,7 +15,6 @@ with import <stockholm/lib>;
|
||||
../2configs/nginx/public_html.nix
|
||||
../2configs/pulse.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/wu-binary-cache/client.nix
|
||||
../2configs/xserver
|
||||
];
|
||||
|
||||
|
@ -16,7 +16,6 @@ with import <stockholm/lib>;
|
||||
../2configs/nginx/public_html.nix
|
||||
../2configs/pulse.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/wu-binary-cache
|
||||
../2configs/xserver
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -15,7 +15,7 @@ with import <stockholm/lib>;
|
||||
../2configs/nginx/public_html.nix
|
||||
../2configs/pulse.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/wu-binary-cache/client.nix
|
||||
../2configs/binary-cache
|
||||
../2configs/xserver
|
||||
../2configs/xu-qemu0.nix
|
||||
{
|
||||
|
@ -21,7 +21,6 @@ with import <stockholm/lib>;
|
||||
../2configs/nginx/public_html.nix
|
||||
../2configs/pulse.nix
|
||||
../2configs/retiolum.nix
|
||||
../2configs/wu-binary-cache/client.nix
|
||||
../2configs/xserver
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -58,6 +58,18 @@ with import <stockholm/lib>;
|
||||
dst = { host = config.krebs.hosts.xu; path = "/bku/cd-home"; };
|
||||
startAt = "07:00";
|
||||
};
|
||||
xu-pull-ni-ejabberd = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
|
||||
dst = { host = config.krebs.hosts.xu; path = "/bku/ni-ejabberd"; };
|
||||
startAt = "07:00";
|
||||
};
|
||||
xu-pull-ni-home = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.ni; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.xu; path = "/bku/ni-home"; };
|
||||
startAt = "07:00";
|
||||
};
|
||||
zu-home-xu = {
|
||||
method = "push";
|
||||
src = { host = config.krebs.hosts.zu; path = "/home"; };
|
||||
@ -76,6 +88,18 @@ with import <stockholm/lib>;
|
||||
dst = { host = config.krebs.hosts.zu; path = "/bku/cd-home"; };
|
||||
startAt = "06:30";
|
||||
};
|
||||
zu-pull-ni-ejabberd = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
|
||||
dst = { host = config.krebs.hosts.zu; path = "/bku/ni-ejabberd"; };
|
||||
startAt = "06:00";
|
||||
};
|
||||
zu-pull-ni-home = {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.hosts.ni; path = "/home"; };
|
||||
dst = { host = config.krebs.hosts.zu; path = "/bku/ni-home"; };
|
||||
startAt = "06:30";
|
||||
};
|
||||
} // mapAttrs (_: recursiveUpdate {
|
||||
snapshots = {
|
||||
minutely = { format = "%Y-%m-%dT%H:%M"; retain = 3; };
|
||||
|
@ -1,22 +1,30 @@
|
||||
{ config, lib, pkgs, ... }: with import <stockholm/lib>;
|
||||
{
|
||||
services.nix-serve = assert config.krebs.build.host.name == "wu"; {
|
||||
environment.etc."binary-cache.pubkey".text =
|
||||
config.krebs.build.host.binary-cache.pubkey;
|
||||
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
|
||||
secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path;
|
||||
};
|
||||
|
||||
systemd.services.nix-serve = {
|
||||
requires = ["secret.service"];
|
||||
after = ["secret.service"];
|
||||
};
|
||||
krebs.secret.files.nix-serve-key = {
|
||||
|
||||
krebs.secret.files.binary-cache-seckey = {
|
||||
path = "/run/secret/nix-serve.key";
|
||||
owner.name = "nix-serve";
|
||||
source-path = toString <secrets> + "/nix-serve.key";
|
||||
};
|
||||
|
||||
krebs.nginx = {
|
||||
enable = true;
|
||||
servers.nix-serve = {
|
||||
server-names = [ "cache.wu.gg23" ];
|
||||
server-names = [
|
||||
"cache.${config.krebs.build.host.name}.gg23"
|
||||
];
|
||||
locations = singleton (nameValuePair "/" ''
|
||||
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||
'');
|
@ -14,7 +14,7 @@ with import <stockholm/lib>;
|
||||
stockholm.file = "/home/tv/stockholm";
|
||||
nixpkgs.git = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
ref = "a6728e15cbca1d11553f01d7c3c477ae2debfd8e";
|
||||
ref = "728a9578e31a0f78f6ad07a3a2ec706ec5290f10";
|
||||
};
|
||||
} // optionalAttrs host.secure {
|
||||
secrets-master.file = "/home/tv/secrets/master";
|
||||
|
@ -29,8 +29,10 @@ let
|
||||
cac-api = {
|
||||
cgit.desc = "CloudAtCost API command line interface";
|
||||
};
|
||||
dic = {
|
||||
cgit.desc = "dict.leo.org command line interface";
|
||||
};
|
||||
get = {};
|
||||
hack = {};
|
||||
load-env = {};
|
||||
loldns = {
|
||||
cgit.desc = "toy DNS server";
|
||||
@ -40,12 +42,9 @@ let
|
||||
netcup = {
|
||||
cgit.desc = "netcup command line interface";
|
||||
};
|
||||
newsbot-js = {};
|
||||
nixpkgs = {};
|
||||
populate = {
|
||||
cgit.desc = "source code installer";
|
||||
};
|
||||
push = {};
|
||||
regfish = {};
|
||||
soundcloud = {
|
||||
cgit.desc = "SoundCloud command line interface";
|
||||
@ -53,8 +52,10 @@ let
|
||||
stockholm = {
|
||||
cgit.desc = "NixOS configuration";
|
||||
};
|
||||
with-tmpdir = {};
|
||||
} // mapAttrs (_: recursiveUpdate { cgit.section = "2. Haskell libraries"; }) {
|
||||
} // mapAttrs (_: recursiveUpdate { cgit.section = "2. Host configurations"; }) {
|
||||
ni = {
|
||||
};
|
||||
} // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) {
|
||||
blessings = {};
|
||||
mime = {};
|
||||
quipper = {};
|
||||
@ -63,12 +64,15 @@ let
|
||||
web-routes-wai-custom = {};
|
||||
xintmap = {};
|
||||
xmonad-stockholm = {};
|
||||
} // mapAttrs (_: recursiveUpdate { cgit.section = "3. museum"; }) {
|
||||
} // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) {
|
||||
cgserver = {};
|
||||
crude-mail-setup = {};
|
||||
dot-xmonad = {};
|
||||
make-snapshot = {};
|
||||
nixos-infest = {};
|
||||
painload = {};
|
||||
push = {};
|
||||
with-tmpdir = {};
|
||||
});
|
||||
|
||||
restricted-repos = mapAttrs make-restricted-repo (
|
||||
|
@ -1,7 +0,0 @@
|
||||
_:
|
||||
{
|
||||
nix = {
|
||||
binaryCaches = ["http://cache.wu.gg23"];
|
||||
binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="];
|
||||
};
|
||||
}
|
@ -35,9 +35,6 @@ with import <stockholm/lib>;
|
||||
ff = pkgs.writeDashBin "ff" ''
|
||||
exec ${pkgs.firefoxWrapper}/bin/firefox "$@"
|
||||
'';
|
||||
gnupg =
|
||||
if elem config.krebs.build.host.name ["xu" "wu"]
|
||||
then super.gnupg21
|
||||
else super.gnupg;
|
||||
gnupg = pkgs.gnupg21;
|
||||
};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user